
Report: Iranian Regime-Sponsored Hackers Targeted U.S. Military Personnel

Iranian hackers preyed on U.S. servicemen by posing on social media as recruiters for defense companies.

Iranian regime-sponsored hackers used Facebook, Twitter, LinkedIn, and other social media platforms to spy on U.S. military personnel, news reports say. 

Iranian hackers preyed on U.S. servicemen by posing on social media as recruiters for defense companies. Wired described the operation as “a long-running Iranian hacking campaign that used Facebook accounts to pose as recruiters.” 

The hacker group, comprising hundreds of fake social media accounts, was working on behalf of the Iranian regime, Facebook’s cyber security assessment indicates.

The spying operation is the latest in a series of Iranian regime-run campaigns against members of the U.S. military and government officials. “Iran appears to be intensifying its effort to exploit U.S. and Western targets in cyberspace, running a campaign aimed at manipulating American military personnel and defense companies on social media,” the Voice of America noted.

The Reuters news agency reported on the details of the Iranian cyber spying operation:

Facebook said on Thursday it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber-spying operation that targeted mostly U.S. military personnel and people working at defense and aerospace companies.

The social media giant said the group, dubbed ‘Tortoiseshell’ by security experts, used fake online personas to connect with targets, build trust sometimes over the course of several months and drive them onto other sites where they were tricked into clicking malicious links that would infect their devices with spying malware.

“This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it,” Facebook’s investigations team said in a blog post.

The group, Facebook said, made fictitious profiles across multiple social media platforms to appear more credible, often posing as recruiters or employees of aerospace and defense companies. Microsoft-owned LinkedIn said it had removed a number of accounts and Twitter said it was “actively investigating” the information in Facebook’s report. [emphasis added]

The tech magazine Wired detailed the sophisticated nature of the operation, which ran undetected across multiple social media platforms for months:

[T]he social media giant [Facebook] revealed that it has tracked and at least partially disrupted a long-running Iranian hacking campaign that used Facebook accounts to pose as recruiters, reeling in US targets with convincing social engineering schemes before sending them malware-infected files or tricking them into submitting sensitive credentials to phishing sites. Facebook says that the hackers also pretended to work in the hospitality or medical industries, in journalism, or at NGOs or airlines, sometimes engaging their targets for months with profiles across several different social media platforms. And unlike some previous cases of Iranian state-sponsored social media catfishing that have focused on Iran’s neighbors, this latest campaign appears to have largely targeted Americans, and to a lesser extent UK and European victims.

Facebook says it has removed “fewer than 200” fake profiles from its platforms as a result of the investigation and notified roughly the same number of Facebook users that hackers had targeted them. “Our investigation found that Facebook was a portion of a much broader espionage operation that targeted people with phishing, social engineering, spoofed websites, and malicious domains across multiple social media platforms, email, and collaboration sites,” David Agranovich, Facebook’s director for threat disruption, said Thursday in a call with press.

Facebook has identified the hackers behind the social engineering campaign as the group known as Tortoiseshell, believed to work on behalf of the Iranian government. [emphasis added]

The Iran-directed hostile cyber campaign has been busted at a time when President Joe Biden is trying to reenter the 2015 nuclear deal with the regime. The Biden White House has dispatched negotiators to Vienna, Austria to take part in European Union-sponsored talks to finalize the restoration of the Obama-era agreement. 

Since Biden took office, Iranian aggression against the U.S. appears to have intensified. Earlier this week, the FBI released the details of an Iranian plot to kidnap a NY-based exiled women’s rights activist. 

The growing Iranian hostility hasn’t dampened the Biden administration’s hope of restoring the deal and reining in the genocidal Mullah regime. On Thursday, a White House staffer clarified that the Biden administration will continue to seek a deal with Iran’s ruling Mullahs despite their attempt to abduct the Iranian-born U.S. national.

The White House reportedly offered to remove wide-ranging sanctions imposed on the regime during President Donald Trump’s tenure. According to media reports published this week, Iranian foreign minister and top nuclear deal negotiator, Javad Zarif, said that the Biden administration has agreed to lift oil sanctions on the regime. 

A recent document released by the Iranian parliament “claims that the US will lift sanctions, allowing the purchase and sale of oil and oil products, as well as natural gas, in Iran’s energy sector, including through the National Iranian Oil Company,” the newspaper Israel Hayom reported on Friday. 

‘Iran says U.S. has agreed to lift oil sanctions’




2smartforlibs | July 17, 2021 at 12:24 pm

So not Qanon?

This is pretty old hat. Lots of intrusion attempts on DoD networks and v service members and civilian members on their own devices and accounts.

Unfortunately DoD dropped the annual one hour cyber defense/security training requirement last year or the year before. Expect more successful intrusions and hacks as a result.

    henrybowman in reply to CommoChief. | July 17, 2021 at 6:42 pm

    This sounds a lot less like “hacking” than “grooming” or “social engineering.”
    This is more like “hacking” the way Christine Fang or Jeff Epstein did “hacking.”

      CommoChief in reply to henrybowman. | July 17, 2021 at 6:50 pm


      Lots of honey pot scams; Young Soldiers like pretty girls. Fake employment process scams; show us a .ppt of your most recent projects etc.

henrybowman | July 17, 2021 at 6:40 pm

Even if this is true, we are to the point where just the fact that this presser originated from Facebook strips it of all credibility (i.e., there is no good reason to believe it is more likely to be true than to be false). The proper first response to this “information” is to speculate on “who benefits” if this is just more of the usual Facebook lies and misdirections, and who in the US government may be being shielded here.